Biometric authentication technology, which uses biometric information such as fingerprints or palm vein patterns to determine whether or not to authenticate individuals, has been developed in recent years. Biometric authentication technology has found wide application, from large-scale systems with a large number of registered users, such as access control systems, border control systems, or systems using national identification numbers, to apparatuses used by particular individuals, such as computers or mobile terminals.
Biometric authentication technology is classified into the so-called 1:1 authentication method and 1:N authentication method. In the 1:1 authentication method, identification information, such as a user name or an identification number, of a user who requests authentication is input along with the user's biometric information. Thereby, biometric information of registrants to be matched is identified from among registrants registered beforehand. Then the biometric authentication apparatus matches the user's biometric information only with the biometric information of the registrants identified. For convenience of explanation, biometric information of a user is hereinafter referred to as input biometric information and biometric information of registrants is referred to as registered biometric information.
In the 1:N authentication method, on the other hand, identification information of a user is not input to the biometric authentication apparatus and it is not possible to identify registrants to be matched. Therefore, the biometric identification apparatus matches input biometric information with all pieces of registered biometric information registered beforehand. The biometric authentication apparatus then authenticates the user as a registrant corresponding to the registered biometric information that most matches the input biometric information. Accordingly, the number of executions of the matching process increases with larger number of pieces of registered biometric information. The number of registrants may be enormous especially when the biometric authentication technology is used in a large-scale system.
Therefore, there is proposed a technique of selecting registered biometric information on the basis of data representing input biometric information, for example, information that can be obtained by performing a relatively simple process on an image capturing a fingerprint, and matching input biometric information only with the selected registered biometric information (see Japanese Laid-open Patent Publication No. 2002-133416, for example).
On the other hand, when any of the registrants of a system that uses the 1:N authentication method no longer uses the system, it is not preferable, in terms of accuracy of authentication and quantity of computation, to keep the registered biometric information of the registrant in the system. This is because when matching is performed with the biometric information of a registrant who does not use the system, computation is wasted on the unnecessary matching. In some cases, a user may be mistakenly authenticated as the registrant. However, when the system performs a process for deleting registered biometric information during execution of a biometric authentication process, the execution of the deletion process may cause a delay in the execution of the biometric authentication process. Such a delay is not preferable, since the delay prolongs the waiting time from when a user inputs biometric information until obtain the result of the authentication is obtained.
On the other hand, a technique has been proposed in which data is registered by taking deletion of the data into consideration (see International Publication No. WO 2007/049654, for example). In the technique, at the timing of data writing, management information including directory information indicating the storage location of the data on a storage medium and ID information needed for the data is generated. When at the timing of data deleting, determination is made as to whether the ID information corresponding to the data to be deleted is needed or not and then management information corresponding to the data is deleted along with the data stored on the storage medium.